Json2Ldap datasheet

JSON-RPC web service for LDAP directory access

Json2Ldap is a JSON-RPC 2.0 web gateway for LDAP directory access.

Supported LDAP operations and controls

Json2Ldap supports all core LDAP operations (RFC 4510):

It also supports a number of popular LDAP controls and extensions:

LDAP controls:

Extended LDAP operations:

Directory server compatibility

Json2Ldap is compatible with any directory supporting the current version 3 of the Lightweight Directory Access Protocol (LDAP).

Popular directory servers:

Web API

Json2Ldap handles JSON remote procedure call (RPC) requests for all standard directory operations as well as requests for a few useful LDAP extensions. See the Json2Ldap web API.

  • Directory connection

  • Directory authentication

  • Directory read and search

  • Directory write operations

  • Extended directory operations

  • Utility functions

  • Directory schema information

  • SRP-6a authentication

  • Web service information

Deployment

Json2Ldap is packaged as a standard web application archive (WAR) ready for deployment in a Java servlet container, such as the popular open source Apache Tomcat server.

Configuration

Json2Ldap is configured by properties located in the /WEB-INF/json2ldap.properties file. Any configuration property can be overridden by a Java system property.

  • Access control. Client access control: SSL / X.509 security, client IP whitelist, API keys.

  • Web API settings. Enable / disable Json2Ldap calls, exception reporting, HTTP response content type.

  • LDAP connections. LDAP connection settings: directory server whitelists, security, auto-reconnect, time limits.

  • Default LDAP server. Specify a default LDAP directory server (single / replicated) for ldap.connect requests.

  • Custom trust / key store for TLS/SSL LDAP. Custom trust and / or key store for TLS / SSL LDAP connections.

  • SRP-6a authentication. Optional settings for Secure Remote Password (SRP-6a) authentication.

Logging

Json2Ldap uses the popular Log4j framework. The following event types can be selectively logged:

  • On an HTTP request: method name, client IP, CORS origin (if applicable).

  • On a JSON-RPC 2.0 request: method name, LDAP connection identifier (CID) (if applicable), response status (success or error code).

  • The creation, termination and expiration of LDAP connections.

  • Internal Json2Ldap exceptions.

Logging is configured by the /WEB-INF/log4j.properties file.

Sample LDAP directory server

A sample LDAP directory server is included in the Json2Ldap WAR to enable evaluation and testing of the service without an external directory. The sample directory is enabled / disabled and configured through the /WEB-INF/sampleDirectory.properties file.

System requirements

  • Java 8+

  • Java servlet API 4.0.1+

The web service requires about 150 megabytes of memory to boot, then about 1 kilobyte for every open LDAP connection.